iptables Basics : Chapter 2, Fail2Ban


This is the era of automation. iptables rules can be automated with the Fail2Ban package, which Chapter 2 of iptables Basics explains. We expect that the reader has gone through Chapter 1 of iptables Basics; it is essential reading for this guide.

First, stop the cron job from Chapter 1 of iptables Basics that automatically erases the new rules: run crontab -e and comment out the line.

We can then add a few simple firewall rules to block most of the common attacks. These will protect our server from script kiddies. Can iptables block DDoS or something worse, like MITM attacks? Yes, unless you are running a financial website that draws too many attacks; then you need a server with more RAM in front of it as a load balancer with higher security, and again you need iptables there. Cloud services for DDoS protection are mostly designed for larger websites with a ton of traffic and zero false positives. Web hosts have some anti-DDoS protection. It is also important to use a premium DNS service like Dyn. You can use a $7/month 6 GB server with it; there are many such options, like Host1Plus, RAMNode, OVH, VPSDime, ArubaCloud. Linode, DigitalOcean, Rackspace are all much the same and frankly have lost their merit now that cloud computing and virtualization software are mostly Free Software.

Frankly, for most setups, everything up to this point will run fine. Now the last set of commands is:

iptables -P OUTPUT ACCEPT

iptables -P INPUT DROP

If you followed Chapter 1 of iptables Basics, you can do whatever you like without fear: after 10 minutes, iptables will get "reset". You have to test within this period. Slowly you will increase the time for testing, and use a revision control system like GitHub to keep a backup of the iptables rule set.

You need to reach a point where only a few ports remain open, which is quite simple. Ports 80, 443 and 22 are the most essential ones to keep open. If you block ports 80 and 443 and allow only a few others, the server effectively becomes a private IP. Such setups are needed for database servers.


Within 10 minutes you will be running Fail2Ban (software that automatically detects attack patterns, writes iptables rules to ban IPs and lifts the bans again). This is no longer an iptables Basics guide, though. If you followed Chapter 1 of iptables Basics, you must stop the 10-minute iptables automatic "reset" system first.
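As an added illustration (not code from the original post or from the Fail2Ban project), here is a small Python model of what a Fail2Ban jail does with its maxretry, findtime and bantime settings: it reads constructed sshd log lines and produces the iptables ban and unban commands in the shape of Fail2Ban's iptables-multiport action, without running them. The log format, the IP addresses and the f2b-sshd chain name are assumptions made for the example.

```python
# Added example, not from the original post: a toy model of a Fail2Ban jail.
# It counts constructed sshd failures per IP inside the findtime window and
# GENERATES (never runs) ban/unban commands shaped like Fail2Ban's
# iptables-multiport action.
import re
from collections import defaultdict, deque

# Constructed log format: "<epoch> Failed password for <user> from <ip> port ..."
FAILED = re.compile(r"^(?P<ts>\d+) Failed password for .* from (?P<ip>[\d.]+)")
BLOCK = "REJECT --reject-with icmp-port-unreachable"

def simulate_jail(lines, maxretry=5, findtime=600, bantime=3600, chain="f2b-sshd"):
    """maxretry failures from one IP within findtime seconds => ban for bantime
    seconds; an expired ban is lifted when the next log event is processed."""
    attempts = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                     # ip -> time at which the ban expires
    commands = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        now, ip = int(m["ts"]), m["ip"]
        for old_ip, expiry in sorted(banned.items(), key=lambda kv: kv[1]):
            if expiry <= now:           # bantime is over: lift the ban
                commands.append(f"iptables -D {chain} -s {old_ip} -j {BLOCK}")
                del banned[old_ip]
        if ip in banned:                # already blocked; nothing more to do
            continue
        window = attempts[ip]
        window.append(now)
        while now - window[0] > findtime:
            window.popleft()            # forget failures older than findtime
        if len(window) >= maxretry:
            commands.append(f"iptables -I {chain} 1 -s {ip} -j {BLOCK}")
            banned[ip] = now + bantime
            window.clear()
    return commands

# Constructed sample: 203.0.113.9 fails 5 times in 50 s, 198.51.100.4 only twice.
SAMPLE_LOG = [
    "1000 Failed password for root from 203.0.113.9 port 40001 ssh2",
    "1010 Failed password for root from 203.0.113.9 port 40002 ssh2",
    "1020 Failed password for admin from 203.0.113.9 port 40003 ssh2",
    "1030 Failed password for root from 198.51.100.4 port 50001 ssh2",
    "1040 Failed password for root from 203.0.113.9 port 40004 ssh2",
    "1050 Failed password for root from 203.0.113.9 port 40005 ssh2",
    "1060 Failed password for root from 203.0.113.9 port 40006 ssh2",
    "5000 Failed password for root from 198.51.100.4 port 50002 ssh2",
]
```

Running simulate_jail(SAMPLE_LOG) yields one ban for 203.0.113.9 at the fifth failure and its unban once bantime has passed; the two-failure host is never touched.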

You should read about Fail2Ban on its official website and configure it. We are providing a method for getting it running immediately.

It is very important to take a backup of iptables at this point, because fail2ban itself adds rules to iptables in order to work. The configuration I provided lacks security for nginx or apache and is just "basic". You should read the documentation and modify it. The default configuration file is frankly as bloated as php.ini.

It is difficult for a professional hacker to enter a server if fail2ban is installed and properly configured. It actively bans, like a human would. It works great when the hacker probes the real webpage. Still, imagine this level of automation being circumvented by a targeted attack. There is no reason to think that we have secured the server enough. We are still in "iptables Basics".

A port scan can figure out what services are running; the attacker then finds one that is out of date and exploits it. In the Matrix movie, Trinity was able to break into the power plant system because the sysadmin probably never updated the ssh daemon, so she could run the SSHv1 CRC32 exploit on the machine and get root privileges. She used sshnuke. If Trinity were the sysadmin, she would definitely not leave the system un-updated. nmap has a dedicated webpage for its mentions in movies. Here is the full-size image we included; look at it carefully.

You can continue reading our next chapter, iptables Basics Chapter 3, where we discuss how to harden WordPress in conjunction with iptables, Fail2Ban and the Fail2Ban WordPress plugin.

This is the copy-paste from the screen, which attackers may also run on your server: